Why doesn’t my ldap user label get assigned?

We have functioning ldap user imports (nightly) and other ldap user labels based on AD OUs that all work as designed. I have duplicated one of the working user labels, and then added one additional criterion based on a valid AD field. When tested, using the available ‘Test LDAP Label’ function, I get the desired results but the label doesn’t get assigned to the users when they log in.